On Sat, 04 Apr 2009 19:22:18 +0300, Niko Tyni wrote:
> > I'm attaching the diff between 1.30-2 (in oldstable) and 1.38-2 (the
> > last version in the archive that got removed later). The diff is
> > created by
> Please note that there was also a 'second half' to CVE-2007-4829 fixed
> upstream in 1.39_01. See #509802. This should presumably be fixed too.
Thanks for spotting!
I've just downloaded your patch from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=29;filename=39_fix_archive_tar_symlink_unpack;att=1;bug=509802
and it applies cleanly to 1.38-2 from our svn repo, so if the release
team wishes it would be easy to upload the "old" 1.38-2 plus this
patch (with whatever version number would be appropriate for such a
mixture :).
Cheers,
gregor
--
.''`. Home: http://info.comodo.priv.at/{,blog/} / GPG Key ID: 0x00F3CFE4
: :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
`. `' Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
`- NP: Supertramp: From Now On
Attachment:
signature.asc
Description: Digital signature